With iOS 18.2, Apple will allow you to share the location of a lost AirTag with other people and with more than 15 different airlines. The Verge reports: When using the feature, you can generate a Share Item Location link within the Find My app on an iPhone, iPad, or Mac. Once you share the link with someone, they can click on it to view an interactive map with the location of your lost item. Apple will update the website automatically when the lost item moves, and it will also display a timestamp when it moved last. Apple will turn off the feature once you find your lost item. You can also manually stop sharing the location of an AirTag at any time, or the link will "automatically expire after seven days." [...]

As part of the rollout, Apple is partnering with over 15 airlines, including Delta, United, Virgin Atlantic, Lufthansa, Air Canada, and more. All of these airlines will be able to "privately and securely" accept links to lost items, as "access to each link will be limited to a small number of people, and recipients will be required to authenticate in order to view the link through either their Apple Account or partner email address." This feature will be available to airlines in the "coming months." Additionally, SITA, a baggage tracing solution, will also implement Share Item Location into its luggage tracker.

The FTX estate has filed a lawsuit against Binance and former CEO Changpeng Zhao, seeking to recover $1.76 billion, alleging a "fraudulent" 2021 share deal that involved funding from FTX's insolvent Alameda Research. The suit also accuses Zhao of misleading social media posts that allegedly spurred customer withdrawals and contributed to FTX's collapse. CNBC reports: In a Sunday filing with a Delaware court, FTX cites a 2021 transaction in which Binance, Zhao and others exited their investment in FTX, selling a 20% stake in the platform and a 18.4% stake in its U.S.-based entity West Realm Shires back to the company. The FTX estate alleges that the share repurchase was funded by FTX's Alameda Research division through a combination of the company's and Binance's exchange tokens, as well as Binance's dollar-pegged stablecoin.

"Alameda was insolvent at the time of the share repurchase and could not afford to fund the transaction," the suit claims, labeling the deal agreed with FTX co-founder Sam Bankman-Fried -- who's now serving a 25-year sentence over fraud linked to the downfall of his exchange -- a "constructive fraudulent transfer." Binance denies the allegations, saying in an emailed statement, "The claims are meritless, and we will vigorously defend ourselves."

On Tuesday Massachusetts voted to become the first state to allow gig-working drivers to join labor unions, reports WBUR: Since these gig workers are classified as independent contractors, federal law allowing employees the right to unionize does not apply to them. With the passage of this ballot initiative, Massachusetts is the first state to give ride-hailing drivers the ability to collectively bargain over working conditions.
Supporters have said the ballot measure "could provide a model for other states to let Uber and Lyft drivers unionize," reports Reuters, "and inspire efforts to organize them around the United States." Roxana Rivera, assistant to the president of 32BJ SEIU, an affiliate of the Service Employees International Union, that had spearheaded a campaign to pass the proposal, said its approval shows that Massachusetts voters want drivers to have a meaningful check against the growing power of app-based companies... The Massachusetts vote was the latest front in a years-long battle in the United States over whether ride-share drivers should be considered to be independent contractors or employees entitled to benefits and wage protections. Studies have shown that using contractors can cost companies as much as 30% less than employees.

Drivers for Uber and Lyft, including approximately 70,000 in Massachusetts, do not have the right to organize under the National Labor Relations Act... Under the Massachusetts measure, drivers can form a union after collecting signatures from at least 25% of active drivers in Massachusetts, and companies can form associations to allow them to jointly negotiate with the union during state-supervised talks.
But the Boston Globe points out that the measure " divided labor advocates in Massachusetts, some of whom worry it would in fact be a step backward in the lengthy fight to boost the rights of gig workers." Those concerns led the state's largest labor organization, the AFL-CIO, to remain neutral. But two unions backing the effort, the SEIU 32BJ and the International Association of Machinists, say allowing drivers to unionize, even if not as full employees, will help provide urgently needed worker protections and better pay and safety standards.

Friday "would have been his 38th birthday," writes the EFF, remembering Aaron Swartz as "a digital rights champion who believed deeply in keeping the internet open..." And they add that today the official web site for Aaron Swartz Day honored his memory with a special podcast "featuring those carrying on the work around issues close to his heart," including an appearance by Brewster Kahle, founder of the Internet Archive.

The first speaker is Ryan Shapiro, FOIA expert and co-founder of the national security transparency non-profit Property of the People. The Aaron Swartz Day site calls him "the researcher who discovered why the FBI had such an interest in Aaron in the years right before the JSTOR fiasco." (That web page calls it an "Al Qaeda phishing expedition that left Aaron with an 'International Terrorism Investigation' code in his FBI database file forever," as reported by Gizmodo.)

Other speakers on the podcast include:

• Nathan Dyer of SecureDrop, Newsroom Support Engineer for the Freedom of the Press Foundation with an update on SecureDrop

• Tracey Jaquith, Founding Coder and TV Architect at the Internet Archive, discussing "Microservices, Monoliths, and Operational Security — The Internet Archive in 2024."

• Tracy Rosenberg, co-founder of the Aaron Swartz Day Police Surveillance Project and Oakland Privacy, with "an update on the latest crop of surveillance battles."

• Ryan Sternlicht, VR developer, educator, researcher, advisor, and maker, on "The Next Layer of Reality: Social Identity and the New Creator Economy."

• Grant Smith Ellis, Chairperson of the Board, MassCann and Legal Intern at the Parabola Center, on "Jury Trials in the Age of Social Media."

• Michael "Mek" Karpeles, Open Library, Internet Archive, on "When it Rains at the Archive, Build an Ark — Book bans, Lawsuits, & Breaches."

The site also seeks to showcase SecureDrop and Open Library, projects started by Aaron before his death, as well as new projects "directly inspired by Aaron and his work."

With the debut of the Pirate Bay TV series in Sweden, international viewers are finding it surprisingly difficult to pirate. TorrentFreak reports: The series premiered at the on-demand platform of the Swedish national broadcaster SVT a few hours ago. International deals haven't been announced, but pirates can generally get access anyway. Soon after the first two episodes of The Pirate Bay series came out, scene release copies started circulating online. As one would expect.

The Scene group OLLONBORRE, which specializes in Swedish content, was the first to pick the show up. Within minutes, the first 1080p WEB-rips were posted on private scene servers and 720p copies followed a few hours later. Interestingly, pirate releases have yet to make their way to The Pirate Bay. We haven't seen any other copies on other public pirate sites either, which is surprising given the topic of the series.

It's common knowledge that The Scene -- a secretive network of release groups -- prefers to keep its releases private. Therefore, it wasn't happy with The Pirate Bay's public nature and rise to prominence in the early 2003s, which is highlighted in the first episodes of the TV series. However, we expected non-scene release groups would be eager to pick up the show. Apparently that's not the case, yet.

An anonymous reader quotes a report from TechCrunch: The FBI is warning that hackers are obtaining private user information — including emails and phone numbers — from U.S.-based tech companies by compromising government and police email addresses to submit "emergency" data requests. The FBI's public notice filed this week is a rare admission from the federal government about the threat from fraudulent emergency data requests, a legal process designed to help police and federal authorities obtain information from companies to respond to immediate threats affecting someone's life or property. The abuse of emergency data requests is not new, and has been widely reported in recent years. Now, the FBI warns that it saw an "uptick" around August in criminal posts online advertising access to or conducting fraudulent emergency data requests, and that it was going public for awareness.

"Cyber-criminals are likely gaining access to compromised US and foreign government email addresses and using them to conduct fraudulent emergency data requests to US based companies, exposing the personal information of customers to further use for criminal purposes," reads the FBI's advisory. [...] The FBI said in its advisory that it had seen several public posts made by known cybercriminals over 2023 and 2024, claiming access to email addresses used by U.S. law enforcement and some foreign governments. The FBI says this access was ultimately used to send fraudulent subpoenas and other legal demands to U.S. companies seeking private user data stored on their systems. The advisory said that the cybercriminals were successful in masquerading as law enforcement by using compromised police accounts to send emails to companies requesting user data. In some cases, the requests cited false threats, like claims of human trafficking and, in one case, that an individual would "suffer greatly or die" unless the company in question returns the requested information.

The FBI said the compromised access to law enforcement accounts allowed the hackers to generate legitimate-looking subpoenas that resulted in companies turning over usernames, emails, phone numbers, and other private information about their users. But not all fraudulent attempts to file emergency data requests were successful, the FBI said. The FBI said in its advisory that law enforcement organizations should take steps to improve their cybersecurity posture to prevent intrusions, including stronger passwords and multi-factor authentication. The FBI said that private companies "should apply critical thinking to any emergency data requests received," given that cybercriminals "understand the need for exigency."

The FBI is warning that hackers are obtaining private user information -- including emails and phone numbers -- from U.S.-based tech companies by compromising government and police email addresses to submit "emergency" data requests. From a report: The FBI's public notice filed this week is a rare admission from the federal government about the threat from fraudulent emergency data requests, a legal process designed to help police and federal authorities obtain information from companies to respond to immediate threats affecting someone's life or property.

The abuse of emergency data requests is not new, and has been widely reported in recent years. Now, the FBI warns that it saw an "uptick" around August in criminal posts online advertising access to or conducting fraudulent emergency data requests, and that it was going public for awareness. "Cyber-criminals are likely gaining access to compromised U.S. and foreign government email addresses and using them to conduct fraudulent emergency data requests to U.S. based companies, exposing the personal information of customers to further use for criminal purposes," reads the FBI's advisory.

IBM is facing a new lawsuit alleging that its Weather Channel website shared users' personal data with third-party ad partners without consent, violating the Video Privacy Protection Act (VPPA). The Register reports: In the absence of a comprehensive federal privacy law, the complaint [PDF] claims Big Blue violated America's Video Privacy Protection Act (VPPA), enacted in 1988 in response to the disclosure of Supreme Court nominee Robert Bork's videotape rental records. IBM was sued in 2019 (PDF) by then Los Angeles City Attorney Mike Feuer over similar allegations: That its Weather Channel mobile app collected and shared location data without disclosure. The IT titan settled that claim in 2020. A separate civil action against IBM's Weather Channel was filed in 2020 and settled in 2023 (PDF).

This latest legal salvo against alleged Weather Channel-enabled data collection takes issue with the sensitive information made available through the company's website to third-party ad partners mParticle and AppNexus/Xandr (acquired by Microsoft in 2022). The former provides customer analytics, and the latter is an advertising and marketing platform. The complaint, filed on behalf of California plaintiff Ed Penning, contends that by watching videos on the Weather Channel website, those two marketing firms received Penning's full name, gender, email address, precise geolocation, the name, and the URLs of videos he watched, without his permission or knowledge.

It explains that the plaintiff's counsel retained a private research firm last year to analyze browser network traffic during video sessions on the Weather Channel website. The research firm is said to have confirmed that the website provided the third-party ad firms with information that could be used to identify people and the videos that they watched. The VPPA prohibits video providers from sharing "personally identifiable information" about clients without their consent. [...] The lawsuit aspires to be certified as a class action. Under the VPPA, a successful claim allows for actual damages (if any) and statutory damages of $2,500 for each violation of the law, as well as attorney's fees.

An anonymous reader quotes a report from 404 Media: If you voted in the U.S. presidential election yesterday in which Donald Trump won comfortably, or a previous election, a website powered by a right-wing group is probably doxing you. VoteRef makes it trivial for anyone to search the name, physical address, age, party affiliation, and whether someone voted that year for people living in most states instantly and for free. This can include ordinary citizens, celebrities, domestic abuse survivors, and many other people. Voting rolls are public records, and ways to more readily access them are not new. But during a time of intense division, political violence, or even the broader threat of data being used to dox or harass anyone, sites like VoteRef turn a vital part of the democratic process -- simply voting -- into a security and privacy threat. [...]

The Voter Reference Foundation, which runs VoteRef, is a right wing organization helmed by a former Trump campaign official, ProPublica previously reported. The goal for that organization was to find irregularities in the number of voters and the number of ballots cast, but state election officials said their findings were "fundamentally incorrect," ProPublica added. In an interview with NPR, the ProPublica reporter said that the Voter Reference Foundation insinuated (falsely) that the 2020 election of Joe Biden was fraudulent in some way. 404 Media has found people on social media using VoteRef's data to spread voting conspiracies too. VoteRef has steadily been adding more states' records to the VoteRef website. At the time of writing, it has records for all states that legally allow publication. Some exceptions include California, Virginia, and Pennsylvania. ProPublica reported that VoteRef removed the Pennsylvania data after being contacted by an attorney for Pennsylvania's Department of State. "Digitizing and aggregating data meaningfully changes the privacy context and the risks to people. Your municipal government storing your marriage certificate and voter information in some basement office filing cabinet is not even remotely the same as a private company digitizing all the data, labeling it, piling it all together, making it searchable," said Justin Sherman, a Duke professor who studies data brokers.

"Policymakers need to get with the times and recognize that data brokers digitizing, aggregating, and selling data based on public records -- which are usually considered 'publicly available information' and exempted from privacy laws -- has fueled decades of stalking and gendered violence, harassment, doxing, and even murder," Sherman said. "Protecting citizens of all political stripes, targets and survivors of gendered violence, public servants who are targets for doxing and death threats, military service members, and everyone in between depends on reframing how we think about public records privacy and the mass aggregation and sale of our data."

An anonymous reader quotes a report from CBC News: The head of a company specializing in cryptocurrency was kidnapped and held for ransom in downtown Toronto during rush hour Wednesday. Police were called about a kidnapping in the area of University Avenue and Richmond Street W. just before 6 p.m., says a spokesperson with the Toronto Police Service. The suspects forced the victim into a vehicle and made a demand for money, the spokesperson said. The man was later located in Centennial Park in Etobicoke uninjured.

CBC Toronto has learned the victim is Dean Skurka, the president and CEO of Toronto-based financial firm WonderFi. He was released after a ransom of $1 million was paid electronically, a source close to the investigation said. Police say the investigation is ongoing and have not released any further details. [...] The alleged kidnapping happened the same day WonderFi released its third quarter earnings results, showing a 153 per cent increase compared to its third quarter in 2023.

An anonymous reader quotes a report from PCMag: Have I Been Pwned has long been one of the most useful ways to learn if your personal information was exposed in a hack. But a new site offers its own powerful tool to help you check if your data has been leaked to cybercriminals. DataBreach.com is the work of a New Jersey company called Atlas Privacy, which helps consumers remove their personal information from data brokers and people search websites. On Wednesday, the company told us it had launched DataBreach.com as an alternative to Have I Been Pwned, which is mainly searchable via the user's email address. DataBreach.com is designed to do that and more. In addition to your email address, the site features an advanced search function to see whether your full name, physical address, phone number, Social Security number, IP address, or username are in Atlas Privacy's extensive library of recorded breaches. More categories will also be added over time.

Atlas Privacy has been offering its paid services to customers, such as police officers and celebrities, to protect bad actors from learning their addresses or phone numbers. In doing so, the company has also amassed over 17.5 billion records from the numerous stolen databases circulating on the internet, including in cybercriminal forums. As a public service, Atlas is now using its growing repository of stolen records to create a breach notification site, free of charge. DataBreach.com builds off Atlas's effort in August to host a site notifying users whether their Social Security number and other personal information were leaked in the National Public Data hack. Importantly, Atlas designed DataBreach.com to prevent it from storing or collecting any sensitive user information typed into the site. Instead, the site will fetch a hash from Atlas' servers, or a fingerprint of the user's personal information -- whether it be an email address, name, or SSN -- and compare it to whatever the user is searching for. "The comparison will be done locally," meaning it'll occur on the user's PC or phone, rather than Atlas's internet server, de Saint Meloir said.

An anonymous reader quotes a report from Reuters: Australia Prime Minister Anthony Albanese said on Thursday the government would legislate for a ban on social media for children under 16, a policy the government says is world-leading. "Social media is doing harm to our kids and I'm calling time on it," Albanese told a news conference. Legislation will be introduced into parliament this year, with the laws coming into effect 12 months after it is ratified by lawmakers, he added. There will be no exemptions for users who have parental consent.

"The onus will be on social media platforms to demonstrate they are taking reasonable steps to prevent access," Albanese said. "The onus won't be on parents or young people." Communications Minister Michelle Rowland said platforms impacted would include Meta Platforms' Instagram and Facebook, as well as Bytedance's TikTok and Elon Musk's X. Alphabet's YouTube would likely also fall within the scope of the legislation, she added.

Intel faces a class-action lawsuit alleging its 13th and 14th generation desktop processors from 2022 and 2023 are defective, causing system instability and frequent crashes. The suit claims that Intel knew of the issue but continued marketing the processors anyway. The Register reports: The plaintiff, Mark Vanvalkenburgh of Orchard Park, New York, purchased an Intel Core i7-13700K from Best Buy in January 2023, according to the complaint [PDF]. "After purchasing the product, Plaintiff learned that the processor was defective, unstable, and crashing at high rates," the complaint claims. "The processor caused issues in his computer, including random screen blackouts and random computer restarts. These issues were not resolved even after he attempted to install a patch issued by Intel for its 13th Generation processors."

The potential class-action lawsuit cites various media reports and social media posts dating back to December 2022 that describe problems with Intel's 13th and 14th generation processors, known as Raptor Lake. These reports document unexplained failures and system instability, as well as a higher-than-expected rate of product returns. "By late 2022 or early 2023, Intel knew of the defect," the complaint says. "Intel's Products undergo pre-release and post-release testing. Through these tests, Intel became aware of the defect in the processors." And because Intel continued making marketing claims touting the speed and performance of its products, with no mention of any defect, the complaint alleges that Intel committed fraud by omission, breached implied warranty, and violated New York General Business Law.

The federal government of Canada has ordered TikTok to shut down its operations in the country, citing national security concerns. However, Canadians will still be able to access the app and use it to create content. "The decision to use a social media application or platform is a personal choice," said Innovation Minister Francois-Philippe Champagne.

"We came to the conclusion that these activities that were conducted in Canada by TikTok and their offices would be injurious to national security. I'm not at liberty to go into much detail, but I know Canadians would understand when you're saying the government of Canada is taking measures to protect national security, that's serious." CBC News reports: Champagne urged Canadians to use TikTok "with eyes wide open." Critics have claimed that TikTok users' data could be obtained by the Chinese government. "Obviously, parents and anyone who wants to use social platform should be mindful of the risk," he said. The decision was made in accordance with the Investment Canada Act, which allows for the review of foreign investments that may harm Canada's national security.

Former CSIS director David Vigneault told CBC News it's "very clear" from the app's design that data gleaned from its users "is available to the government of China" and its large-scale data harvesting goals. "Most people can say, 'Why is it a big deal for a teenager now to have their data [on TikTok]?' Well in five years, in 10 years, that teenager will be a young adult, will be engaged in different activities around the world," he said at the time. "As an individual, I would say that I would absolutely not recommend someone have TikTok."

An anonymous reader quotes a report from The Guardian: The US supreme court grappled on Wednesday with a bid by Meta's Facebook to scuttle a federal securities fraud lawsuit brought by shareholders who accused the social media platform of misleading them about the misuse of user data. The justices heard arguments in Facebook's appeal of a lower court's decision allowing the 2018 class action suit led by Amalgamated Bank to proceed. The suit seeks unspecified monetary damages in part to recoup the lost value of the Facebook stock held by the investors. It is one of two cases coming before them this month -- the other one involving artificial intelligence chipmaker Nvidia on 13 November -- that could lead to rulings making it harder for private litigants to hold companies to account for alleged securities fraud.

At issue is whether Facebook broke the law when it failed to detail the prior data breach in subsequent business-risk disclosures, and instead portrayed the risk of such incidents as purely hypothetical. Facebook argued in a supreme court brief that it was not required to reveal that its warned-of risk had already materialized because "a reasonable investor" would understand risk disclosures to be forward-looking statements. "When we think about these questions, we're not looking only to lies or complete false statements," the liberal justice Elena Kagan told Kannon Shanmugam, the lawyer for Facebook. "We're also looking to misleading statements or misleading omissions." The conservative justice Samuel Alito asked Shanmugam: "Isn't it the case that an evaluation of risks is always forward-looking?" "It is. And that is essentially what underlies our argument here," Shanmugam responded.

The plaintiffs accused Facebook of misleading investors in violation of the Securities Exchange Act, a 1934 federal law that requires publicly traded companies to disclose their business risks. They claimed the company unlawfully withheld information from investors about a 2015 data breach involving British political consulting firm Cambridge Analytica that affected more than 30 million Facebook users. Edward Davila, a US district judge, dismissed the lawsuit but the San Francisco-based ninth US circuit court of appeals revived it. The supreme court's ruling is expected by the end of June.